I have several services sending their logs over to Splunk.
I'd like to generate a daily dashboard report that looks like the one at the bottom of this page:
http://status.aws.amazon.com/
Basically, all the rows would be my various services. The columns would be the last 5-10 days. There would be a green, yellow, or red mark in the cells depending on the number of ERRORs that appear on the logs.
Is a report like this possible?
Yes, though it's slightly easier to do it in Splunk with the rows and columns the other way:
source=mylogs earliest=-5d@d "ERROR" | timechart span=1d count by ServiceName
And then display it with the "heatmap" overlay. To transpose:
source=mylogs earliest=-5d@d "ERROR" | timechart span=1d count by ServiceName | fieldformat _time=strftime(_time, "%Y-%m-%d") | transpose
This works fine. Thanks!
Thank you. I'll give this a shot and mark this as the answer if it works.